{"result": {"nessus": [{"id": "CISCO-SR-20070926-LB.NASL", "type": "nessus", "title": "Cisco Catalyst 6500 and Cisco 7600 Series Devices Accessible via Loopback Address (cisco-sr-20070926-lb)", "description": "The remote Cisco Catalyst 6500 and Cisco 7600 series device is affected by an issue that could allow remote attackers to send packets to an interface for which network exposure was unintended. \n\nIt should be noted that while the vendor describes a possible workaround, this plugin does not test for the presence of that workaround.", "published": "2013-09-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69985", "cvelist": ["CVE-2007-5134"], "lastseen": "2017-10-29T13:46:07"}], "cisco": [{"id": "CISCO-SA-20070926-CVE-2007-5134", "type": "cisco", "title": "Cisco IOS on Catalyst 6500 and Cisco 7600 Access Control List Bypass Vulnerability", "description": "Cisco IOS running on Catalyst 6500 and Cisco 7600 contains a vulnerability that could allow an unauthenticated, remote attacker to bypass configured ACLs. \n\nThe vulnerability exists because the affected devices accept traffic to IP addresses that are reserved for use by the Ethernet Out-of-Band Channel (EOBC). These addresses are not typically protected by ACLs, as they are not expected to be reachable outside the EOBC. An unauthenticated, remote attacker could exploit this vulnerability to bypass ACLs configured to protect exposed management addresses and send packets to intelligent modules such as the Supervisor or Multi-layer Switch Feature Card (MSFC). 
\n\nExploit code is not required to exploit this vulnerability.\n\nCisco has confirmed this vulnerability in a security response and released updated software.\n\nThe vulnerability affects Catalyst 6500 and Cisco 7000 devices that are running in both Hybrid Mode (CatOS on the Supervisor Engine and IOS on the MSFC) and Native Mode (IOS on both the Supervisor Engine and the MSFC). The 127.0.0.0/8 network is reserved for loopback and internal communications, as specified in RFC 3330[\"http://www.faqs.org/rfcs/rfc3330.html\"]. As such, traffic bound for this network is not routed over the public Internet. However, some default configurations of IOS running on Cisco Routers may allow such traffic to pass over trusted internal networks. The circumstances that would allow this are very specific and are unlikely to occur in most networks. These factors dramatically lower the pool of potential attackers. Any attacker that bypasses ACLs using this vulnerability to access an affected device must still authenticate to perform actions such as modifying configuration files.\n\nMultiple methods exist to effectively mitigate this vulnerability without downtime or software upgrades. Administrators of high availability environments are advised to utilize ACLs or Control Plane Policing (CoPP) to prevent unwanted traffic from reaching intelligent management cards. 
Administrators are still encouraged to update the software running on these devices during the next scheduled and planned outage.\n\nThis vulnerability has been resolved with the release of 12.2(33)SXH.", "published": "2007-09-26T22:30:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070926-CVE-2007-5134", "cvelist": ["CVE-2007-5134"], "lastseen": "2017-09-26T15:34:16"}], "osvdb": [{"id": "OSVDB:37504", "type": "osvdb", "title": "Cisco Catalyst 6500 / 7600 Series EOBC Local Interface Weakness", "description": "## Solution Description\nUpgrade to version 12.2(33)SXH or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml)\nSecurity Tracker: 1018742\nSecurity Tracker: 1018743\n[Secunia Advisory ID:26988](https://secuniaresearch.flexerasoftware.com/advisories/26988/)\nMail List Post: http://seclists.org/fulldisclosure/2007/Sep/0573.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0574.html\nKeyword: CSCsg02323\nISS X-Force ID: 36826\nFrSIRT Advisory: ADV-2007-3276\n[CVE-2007-5134](https://vulners.com/cve/CVE-2007-5134)\nBugtraq ID: 25822\n", "published": "2007-09-27T14:21:52", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:37504", "cvelist": ["CVE-2007-5134"], "lastseen": "2017-04-28T13:20:33"}]}}